[jira] [Commented] (DELTASPIKE-1250) create a master/client encryption handling
[ https://issues.apache.org/jira/browse/DELTASPIKE-1250?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16021537#comment-16021537 ] ASF subversion and git services commented on DELTASPIKE-1250: - Commit 98d4c2ab2ea2ce15cfe60c637a3792c3843b49f4 in deltaspike's branch refs/heads/master from [~struberg] [ https://git-wip-us.apache.org/repos/asf?p=deltaspike.git;h=98d4c2a ] DELTASPIKE-1250 adding documentation for encryption > create a master/client encryption handling > -- > > Key: DELTASPIKE-1250 > URL: https://issues.apache.org/jira/browse/DELTASPIKE-1250 > Project: DeltaSpike > Issue Type: New Feature > Components: Configuration >Affects Versions: 1.7.2 >Reporter: Mark Struberg >Assignee: Mark Struberg > Fix For: 1.8.0 > > > For storing passwords in our configuration I'd like to implement a 2 stage > approach to symmetric encryption. > The current ideas is to have an encrypted hash derived from a master password > and machine specific information (MAC, IP, expiry date, etc). > This encrypted sequence is different on every box. But the decrypted hash is > not. > > With this hash we can encode a user password, which is then ofc the same on > different boxes. > Of course all that is just security by obscurity, but it's still much better > than plaintext and even close to Hashicorp Vault. > After all, the only really secure way is using a hardware crypto box plus the > user has to manually provide a password and not using static passwords but > 1-time consumable tokens. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (DELTASPIKE-1253) allow PropertyFileConfig to also pick up property files from the file system
[ https://issues.apache.org/jira/browse/DELTASPIKE-1253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16021240#comment-16021240 ] ASF subversion and git services commented on DELTASPIKE-1253: - Commit 63ee99e36a4a9676a1e477d3d898a206fde21a8e in deltaspike's branch refs/heads/master from [~struberg] [ https://git-wip-us.apache.org/repos/asf?p=deltaspike.git;h=63ee99e ] DELTASPIKE-1253 fix broken unit test on windows > allow PropertyFileConfig to also pick up property files from the file system > > > Key: DELTASPIKE-1253 > URL: https://issues.apache.org/jira/browse/DELTASPIKE-1253 > Project: DeltaSpike > Issue Type: New Feature > Components: Configuration >Affects Versions: 1.7.2 >Reporter: Mark Struberg >Assignee: Mark Struberg > Fix For: 1.8.0 > > > Currently PropertyFileConfig only picks up properties with a given name from > the classpath. > It should also be allowed to use other URLs like file:// or http:// to pick > up configuration. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (DELTASPIKE-1250) create a master/client encryption handling
[ https://issues.apache.org/jira/browse/DELTASPIKE-1250?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16021241#comment-16021241 ] ASF subversion and git services commented on DELTASPIKE-1250: - Commit d1cc650d68686d02656f53a4f532a2acb911bc6d in deltaspike's branch refs/heads/master from [~struberg] [ https://git-wip-us.apache.org/repos/asf?p=deltaspike.git;h=d1cc650 ] DELTASPIKE-1250 add documentation and improve JavaDocs > create a master/client encryption handling > -- > > Key: DELTASPIKE-1250 > URL: https://issues.apache.org/jira/browse/DELTASPIKE-1250 > Project: DeltaSpike > Issue Type: New Feature > Components: Configuration >Affects Versions: 1.7.2 >Reporter: Mark Struberg >Assignee: Mark Struberg > Fix For: 1.8.0 > > > For storing passwords in our configuration I'd like to implement a 2 stage > approach to symmetric encryption. > The current ideas is to have an encrypted hash derived from a master password > and machine specific information (MAC, IP, expiry date, etc). > This encrypted sequence is different on every box. But the decrypted hash is > not. > > With this hash we can encode a user password, which is then ofc the same on > different boxes. > Of course all that is just security by obscurity, but it's still much better > than plaintext and even close to Hashicorp Vault. > After all, the only really secure way is using a hardware crypto box plus the > user has to manually provide a password and not using static passwords but > 1-time consumable tokens. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
Re: jbossas 7.1.1.Final build
Well, best would be to use EAP 6.4+, since there you got J8 support. But I am not really sure how this stands from legal point of view - e.g. if you can simply download and use it. As for fail fast - my quick guess would be to modify the profile and try maven enforcer with JDK version? Matej - Original Message - > From: "Mark Struberg" > To: "deltaspike" > Sent: Monday, May 22, 2017 11:23:28 AM > Subject: Re: jbossas 7.1.1.Final build > > ouch, yes, that might have been the issue. > I was definitely using Java8. > > Will try later with j7. > > Can we do anything to fail fast? > > As John pointed out I fell over it a month ago myself - seems I'm an old > senile guy already ;) > > txs and LieGrue, > strub > > > Am 22.05.2017 um 10:05 schrieb Matej Novotny : > > > > Hi Mark, > > > > I took a glance at this and 'mvn clean install -Pjbossas-build-managed-7' > > works fine for me on current master. > > Are you using Java 7? Because JBoss AS 7 requires that. > > > > Matej > > > > - Original Message - > >> From: "Mark Struberg" > >> To: "Deltaspike" > >> Sent: Sunday, May 21, 2017 5:49:08 PM > >> Subject: jbossas 7.1.1.Final build > >> > >> Hi folks! > >> > >> Could someone from JBoss take a quick look at the 7.1.1.Final build? > >> > >> mvn clean install -Pjbossas-build-managed-7 > >> > >> This stops at core-impl. I literally mean 'stops'. > >> > >> > >> txs and LieGrue, > >> strub > >> > >